IN THE CLAIMS 

1 1. Amended Herein] A method for handling dynamic state information used 

2 for handling data packets, which arrive at a network element node of a network 

3 element cluster, said network element cluster having at least two nodes and each 

4 node handling separate sets of data packets, said method comprising: 

5 - maintaining in a first node a first, a_node-specific data structure comprising 

6 entries representing state information needed for handling sets of data packets 

7 handled in said first node, said sets of data packets handled in said first node 

8 being different from sets of data packets handled in anv other node of said network 

9 element cluster, and each set of data packets containing data packets related to 

1 0 each other. 

1 1 - maintaining in said first node A in addition to said node-specific data 

1 2 structure^ a second, common data structure comprising at least entries 

1 3 representing state information for data packets handled in at least one other node 

1 4 of said network element cluster, the contents of said common data structure 

1 5 effectively differing from the contents of said node-specific data structure and 

1 6 including copies of all state information entries maintained in a node-specific data 

1 7 structure of said at least one other node and needed for handling sets of data 

1 8 packets in said at least one other node, said entries being maintained according to 

1 9 information on how different sets of data packets are distributed among the nodes 

20 of the network element cluster, 

2 1 - dynamically changing distribution of at least one set of data packets from 

22 said at least one other node to said first node of the network element cluster, and 

23 providing said first node with respective changed distribution information, 

24 - in response to said changed distribution information, selecting the state 

25 information entries of said at least one re-distributed set of data packets from said 

26 second common data structure and transferring them to said first node-specific 

27 data structure of said first node. 
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1 2. [previously amended] A method according to claim 1, further comprising: 

2 - allocating to each node belonging to said network element cluster certain 

3 node-specific distribution identifiers, each node having separate node-specific 

4 distribution identifiers allocated to it, 

5 - handling at least a plurality of data packets so that a data packet is handled 

6 in that node of said network element cluster- to which node a distribution identifier 

7 calculated using certain field(s) of said data packet is allocated, and 

8 - maintaining in a plurality of entries of said node-specific and common data 

9 structures distribution information relating to the distribution identifier, which 
1 0 corresponds to the set of data packets related to the respective entry. 

1 3. [previously amended] A method according to claim 2, further comprising: 

2 - reallocating said distribution identifiers to the nodes of said network 

3 element cluster, 

4 - if said reallocation results in a new distribution identifier being allocated to 

5 a node, said new distribution identifier being a distribution identifier not allocated to 

6 said node at the time of the reallocation, identifying in the common data structure of 

7 said node the entries corresponding to said new distribution identifier, and adding 

8 said entries to the node-specific data structure of said node, and 

9 - if said reallocation results in an old distribution identifier not being allocated 

10 to a node anymore, said old distribution identifier being a distribution identifier 

1 1 allocated to said node at the time of the reallocation, identifying in the node-specific 

1 2 data structure of said node the entries corresponding to said old distribution 

1 3 identifier, and clearing said entries from the node-specific data structure of said 

1 4 node. 

1 4. [previously amended] A method according to claim 2, further comprising: 
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2 - adding a new entry to said node-specific data structure in a first node, 

3 - communicating said new entry at least to a second node of the network 

4 element cluster, and 

5 - adding an entry corresponding to said new entry to the common data 

6 structure of said second node. 

1 5. [previously amended] A method according to claim 4, further comprising: 

2 - adding an entry corresponding to said new entry to the common data structure of 

3 said first node. 

1 6. [previously amended] A method according to claim 1, further comprising 

2 maintaining in said common data structure of said node entries representing state 

3 information needed for handling sets of data packets handled in said node. 

1 7. [previously amended] A method according to claim 1, wherein said state 

2 information comprises the source address field and/or the destination address 

3 field of an Internet Protocol header, and/or port header fields of a Transmission 

4 Control Protocol header and/or port header fields of a User Datagram Protocol 

5 header, and/or the identifier header field of an Internet Control Message Protocol 

6 header, and/or a Message Identifier field of an Internet Security Association and Key 

7 Management Protocol header, and/or an Initiator Cookie field of an Internet Security 

8 Association and Key Management Protocol header, and/or the Security Parameter 

9 Index field of a security header relating to the IPSec protocol suite, and/or a Session 

1 0 ID field relating to the Secure Sockets Layer protocol, and/or an HTTP Cookie field 

1 1 relating to the HyperText Transfer Protocol. 

1 8. [[previously amended] A method according to claim 1, wherein said state 

2 information comprises information identifying an authenticated entity. 
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1 9. [previously amended] A method according to claim 1, wherein said state 

2 information comprises information identifying a secured tunnel, within which data 

3 packets of the corresponding set are tunneled. 

1 10. [previously amended] A method according to claim 2, wherein said 

2 distribution identifier is a hash value and a hash function is used for calculating a 

3 hash value using certain field(s) of a data packet. 

1 11. [previously amended] A method according to claim 2, wherein said 

2 distribution information is said distribution identifier. 



1 12. [previously amended] A method according to claim 2, wherein said 

2 distribution information is information needed for calculating said distribution 

3 identifier for the corresponding data packet. 

1 13. [previously amended] A method according to claim 2, wherein said 

2 certain field(s) for calculating a distribution identifier comprise the source address 

3 field and/or the destination address field of an Internet Protocol header, and/or port 

4 header fields of a Transmission Control Protocol header and/or port header fields 

5 of a User Datagram Protocol header, and/or the identifier header field of an Internet 

6 Control Message Protocol header, and/or a Message Identifier field of an Internet 

7 Security Association and Key Management Protocol header, and/or an Initiator 

8 Cookie field of an Internet Security Association and Key Management Protocol 

9 header, and/or the Security Parameter Index field of a security header relating to the 

1 0 IPSec protocol suite, and/or a Session ID field relating to the Secure Sockets Layer 

1 1 protocol, and/or an HTTP Cookie field relating to the HyperText Transfer Protocol. 
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. 1 14. [amended herein] A network element node of a network element cluster 

2 having at least two nodes, said node comprising 

3 - first data storage, 

4 - means maintaining in said first data storage a first, node-specific data 

5 structure comprising entries representing state information needed for handling 

6 sets of data packets handled in said node, said sets of data packets handled in 

7 said first node being different from sets of data packets handled in any other node 

8 of said network element cluster, and each set of data packets containing data 

9 packets related to each other in one or more of the following wavs: data packets of 

1 0 same packet data connection, data packets of same communication session 

1 1 comprising a plurality of packet data connections, and data packets of a plurality of 
1 2 packet data connections of same secure tunnel. 

1 3 - second data storage, and 

1 4 - means maintaining in said second data storage a second, common data 

l 5 structure comprising at least entries representing state information for data 

1 6 packets handled in one other node of said network element cluster, the contents of 

1 7 said common data structure effectively differing from the contents of said node- 

1 8 specific data structure and including copies of all state information entries 

1 9 maintained in a node-specific data structure of said at least one other node and 

20 needed for handling sets of data packets in said at least one other node, and said 

21 entries being maintained according to information on how different sets of data 

22 packets are distributed among the nodes of the network element cluster, 

23 - means receiving changed distribution information dynamically changing 

24 distribution of at least one set of data packets from said at least one other node to 

25 said node in the network element cluster, and 

26 - means that, based on said changed distribution information selects the 

27 state information entries of said at least one re-distributed set of data packets from 

28 said second common data structure in said second data storage and transfers 
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. 29 them to said first node-specific data structure in said first data storage of said node. 

1 15. [previously amended] A network element node according to claim 

2 14,wherein: 

3 - said means maintaining the node-specific data structure are adapted to 

4 add a new entry to said node-specific data structure in said first storage means, 

5 and to communicate said new entry to said means for maintaining common data 

6 structure, 

7 - said means for maintaining the common data structure are adapted to 

8 communicate said new entry at least to one other node of the network element 

9 cluster, and in that 

1 0 - said means maintaining the common data structure are further adapted to 

1 1 receive an entry from at least one other node of the network element cluster and to 

1 2 add an entry corresponding to said received entry to said common data structure in 

1 3 said second storage means. 

1 16. [previously amended] A network element node according to claim 15, 

2 wherein: 

3 - said means for maintaining the common data structure are further adapted 

4 to add a new entry received from said means for maintaining the node-specific data 

5 structure to said common data structure in said second storage means. 

1 17. [previously amended] A network element node according to claim 14, 

2 further comprising: 

3 - means receiving distribution identifiers, which are currently allocated to said 

4 node, said distribution identifiers being used for handling at least a plurality of data 

5 packets so that a data packet is handled in that node of said network element 

6 cluster, to which node a distribution identifier calculated using certain field(s) of 
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- 7 said data packet is allocated, and 

8 - third data storage storing said distribution identifiers, and 

9 - said means maintaining the node-specific and common data structures are 

1 0 adapted to maintain in a plurality of entries of said node-specific and common data 

1 1 structures in said first and second data storage distribution information relating to 

1 2 the distribution identifier, which corresponds to the set of data packets related to the 

1 3 respective entry. 

1 18. [previously amended] A network element node according to claim 17, 

2 wherein: 

3 - said means receiving distribution identifiers are adapted to receive 

4 reallocated distribution identifiers, 

5 - said means maintaining the common data structure are adapted to detect a 

6 new distribution identifier being allocated to said node due to the reallocation, said 

7 new distribution identifier being a distribution identifier not allocated to said node at 

8 the time of receiving reallocated distribution identifiers, and to identify in the 

9 common data structure the entries corresponding to said new distribution identifier, 

1 0 and to communicate said entries to said means for maintaining the node-specific 

1 1 data structure for said entries to be added to the node-specific data structure, and 

1 2 - said means maintaining the node-specific data structure are adapted to 

1 3 detect an old distribution identifier not being anymore allocated to said node due to 

1 4 the reallocation, said old distribution identifier being a distribution identifier 

1 5 allocated to said node at the time of the reallocation, and to identify in the node- 

1 6 specific data structure the entries corresponding to said old distribution identifier, 

1 7 and to clear said entries from the node-specific data structure. 

1 19. [previously amended] A network element node according to claim 14, 

2 wherein said first data storage is a portion of kernel space memory. 
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1 20. [previously amended] A network element node according to claim 14, 

2 wherein said second data storage means is a portion of user space memory. 

1 21. [previously amended] A network element node according to claim 14, 

2 wherein said first data storage is a portion of content addressable memory. 

1 22. [previously amended] A network element node according to claim 14, 

2 wherein said first storage means is a part of a cryptographic card. 

1 23. [amended herein] A network element cluster having at least two network 

2 element nodes, at least one of said nodes comprising 

3 - first data storage means, 

4 - means for maintaining in said first storage means a first, node-specific 

5 data structure comprising entries representing state information needed for 

6 handling sets of data packets handled in said node, said sets of data packets 

7 handled in said node being different from sets of data packets handled in any other 

8 node of said network element cluster, and each set of data packets containing data 

9 packets related to each other. 

1 0 - second data storage means, and 

1 1 - means maintaining in said second storage a second, common data 

1 2 structure comprising at least entries representing state information needed for 

1 3 handling sets of data packets handled in one other node of said network element 

1 4 cluster, the contents of said common data structure effectively differing from the 

1 5 contents of said node-specific data structure and including copies of all state 

1 6 information entries maintained in a node-specific data structure of said one other 

1 7 node and needed for handling sets of data packets in said one other node, said 

1 8 entries being maintained according to information on how different sets of data 
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1 9 packets are distributed among the nodes of the network element cluster, 

20 - means for receiving changed distribution information dynamically changing 

2 1 distribution of at least one set of data packets from said one other node to said at 

22 least one node in the network element cluster, and 

23 - means that based on said changed distribution information selects the 

24 state information entries of said at least one re-distributed set of data packets from 

25 said second common data structure in said second data storage and transferring 

26 them to said first node-specific data structure in said first data storage means of 

27 said at least one node. 



1 24. [amended herein] A network element cluster according to claim 23, 

2 further comprising: 

3 - means allocating to each node belonging to said network element cluster 

4 certain node-specific distribution identifiers, each node having separate node- 

5 specific distribution identifiers allocated to it, said distribution identifiers being used 

6 for handling at least a plurality of data packets so that a data packet is handled in 

7 that node of said network element cluster T to which node a distribution identifier 

8 calculated using certain field(s) of said data packet is allocated, and in that said at 

9 least one node further comprises: 

1 0 - means for receiving distribution identifiers T which are currently 

1 1 allocated to said node, and 

1 2 - third data storage storing said distribution identifiers, and 

1 3 - and wherein said means for maintaining the node-specific and 

1 4 common data structures are adapted to maintain in a plurality of entries of 

1 5 said node-specific and common data structures in said first and second data 

1 6 storage means distribution information relating to the distribution identifier 

1 7 which corresponds to the set of data packets related to the respective entry. 
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1 25. [amended herein] A network element cluster according to claim 24, 

2 wherein: 

3 - said means for allocating distribution identifiers are adapted to reallocate 

4 distribution identifiers i d e nf i er s to the nodes of said network element cluster, and 

5 wherein in said at least one node 

6 - said means for receiving distribution identifiers are adapted to 

7 receive reallocated distribution identifiers, and 

8 - said means for maintaining the common data structure are adapted 

9 to detect a new distribution identifier being allocated to said node due to the 

1 0 reallocation, said new distribution identifier being a distribution identifier not 

1 1 allocated to said node at the time of receiving reallocated distribution 

1 2 identifiers, and to identify in the common data structure the entries 

1 3 corresponding to said new distribution identifier, and to communicate said 

1 4 entries to said means for maintaining the node-specific data structure for 
1 5 said entries to be added to the node-specific data structure, and 

1 6 - said means for maintaining the node-specific data structure are 

1 7 adapted to detect an old distribution identifier not being anymore allocated to 

1 8 said node due to the reallocation, said old distribution identifier being a 

1 9 distribution identifier allocated to said node at the time of the reallocation, 

20 and to identify in the node-specific data structure the entries corresponding to 

21 said old distribution identifier, and to clear said entries from the node- 

22 specific data structure. 

1 26. [previously amended] A computer-readable medium having stored 

2 thereon computer-readable instructions which when executed by a computer 

3 control said computer to perform the following steps: 

4 -maintaining in a first node a first, node-specific data structure 

5 comprising entries representing state information needed for handling sets 
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6 of data packets handled in said first node, 

7 - maintaining in said first node in addition to said node-specific data 

8 structure a second, common data structure comprising at least entries 

9 representing state information for data packets handled in at least one other 

1 0 node of said network element cluster, the contents of said common data 

1 1 structure effectively differing from the contents of said node-specific data 

1 2 structure and including copies of all state information entries maintained in a 

1 3 node-specific data structure of said at least one other node and needed for 

1 4 handling sets of data packets in said at least one other node, said entries 
1 5 being maintained according to information on how different sets of data 

1 6 packets are distributed among the nodes of the network element cluster, 

1 7 - dynamically changing distribution of at least one set of data packets 

1 8 from said at least one other node to said first node the network element 

1 9 cluster, and providing said first node with respective changed distribution 

20 information, 

21 - in response to said changed distribution information, selecting the 

22 state information entries of said at least one re-distributed set of data 

23 packets from said second common data structure and transferring them to 

24 said first node-specific data structure of said first node. 

1 27. [previously amended] A computer-readable medium having stored 

2 thereon computer-readable instructions that can control a computer to carry out a 

3 process, said instructions comprising: 

4 -means for maintaining in a first node a first, node-specific data 

5 structure comprising entries representing state information needed for 

6 handling sets of data packets handled in said first node, 

7 - means for maintaining in said first node in addition to said node- 

8 specific data structure a second, common data structure comprising at least 
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9 entries representing state information for data packets handled in at least 

I o one other node of said network element cluster, the contents of said 

I I common data structure effectively differing from the contents of said node- 
1 2 specific data structure and including copies of all state information entries 

1 3 maintained in a node-specific data structure of said at least one other node 

1 4 and needed for handling sets of data packets in said at least one other node, 

1 5 said entries being maintained according to information on how different sets 

1 6 of data packets are distributed among the nodes of the network element 

1 7 cluster, 

1 8 - means for dynamically changing distribution of at least one set of 

1 9 data packets from said at least one other node to said first node the network 

20 element cluster, and providing said first node with respective changed 

21 distribution information, 

22 - means for responding to said changed distribution information, by 

23 selecting the state information entries of said at least one re-distributed set 

24 of data packets from said second common data structure and transferring 

25 them to said first node-specific data structure of said first node. 
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